Patch Craze To Continue In 2007 - InformationWeek

02:02 PM

The cycle of vulnerability disclosure, exploit, and patch that accelerated in 2006 will continue next year, security experts say.

Windows users should expect 2006's high patch numbers to grow even larger next year, security experts said Wednesday.

With Microsoft's 2006 total breaking previous records of both the number of security updates issued and the number of critical vulnerabilities patched, it may come as a shock that 2007 will likely meet or beat those figures.

"Although Microsoft is fixing a lot more of its vulnerabilities faster than in the past, we'll see the trend continuing [of more updates]," says Chris Andrew, the VP of security technologies at patch management vendor PatchLink Corp. "Vista will still have security vulnerabilities."

The cycle of vulnerability disclosure, exploit, and patch that accelerated in 2006, adds Andrew, will also continue next year. "With two [Microsoft Word] zero-day threats still active and no patches in sight, December is a preview of what's to come in 2007," Andrew says. And according to a survey released by PatchLink on Wednesday, almost 70% of companies expect an increase in zero-day threats during 2007.

But Gunter Ollmann, the director of IBM's Internet Security Systems (ISS) X-Force threat research team, predicts that Windows Vista, or even Microsoft overall, won't be the big bug-fixer early in the year.

"Every vendor under the sun will be launching program updates in the first couple of months for Vista," says Ollmann. Naturally, new software will lead to new bugs being found, and necessary patches prepared and deployed.

But 2007 will have to work hard to beat this year's numbers. According to security vendor McAfee, Microsoft during 2006 patched 133 vulnerabilities pegged as "critical" or "important," the top two rankings in the Redmond, Wash., developer's four-step system of scoring threats. That was almost double the number patched in 2005.

Overall vulnerabilities are also up, adds Ollmann, but less dramatically. ISS, he says, "just counted the 7,000th vulnerability of the year." By comparison, ISS tallied approximately 5,000 flaws during 2005.
